Android smartphones are hot targets for malware. Malware creators can embed their malicious code into seemingly normal applications without the victim knowing. Infected applications can be commonly found in third-party app stores, but some manage to slip into the official Android Market. One of the latest Android malware discoveries was found by CA Technologies. This particular malware has the ability to record entire phone conversations.

As with any application, the user has to give the app permission to install. If the phone-call-recording malware is present within an app, it will install a configuration file once its permissions have been granted.

CA Technologies tested the malware using a couple emulators. When a call is placed from the infected phone, the malware becomes activated. Its actions are indicated by a download icon in the Android phone’s taskbar.

The entire phone conversation is then recorded on the phone’s SD card in amr format. There’s also the possibility that the recorded conversation can be sent to a remote server.

The best way to avoid malware such as this is to read the permissions before installing any application.